kerberos安装

1.安装配置kerberos

      1.1 安装服务端：kdc

        yum install -y krb5-server krb5-libs krb5-workstation

     

      1.2 配置服务端：

         配置/etc/krb5.conf

         includedir /etc/krb5.conf.d/

[logging]

 default = FILE:/var/log/krb5libs.log

 kdc = FILE:/var/log/krb5kdc.log

 admin_server = FILE:/var/log/kadmind.log

[libdefaults]

 default_realm=HNA.CN

 dns_lookup_realm = false

 ticket_lifetime = 24h

 renew_lifetime = 7d

 forwardable = true

 rdns = false

# default_realm = EXAMPLE.COM

 default_ccache_name = KEYRING:persistent:%{uid}

[realms]

  HNA.CN = {

   kdc = bd-50.hna.cn

   admin_server = bd-50.hna.cn

  }

[domain_realm]

  .bd-50.hna.cn = HNA.CN

  bd-50.hna.cn = HNA.CN

配置/var/kerberos/krb5kdc/kdc.conf

[kdcdefaults]

 kdc_ports = 88

 kdc_tcp_ports = 88

[realms]

 HNA.CN = {

  #master_key_type = aes256-cts

  #kadmind_port = 749

  max_life = 12h 0m 0s

  max_renewable_life= 7d 0h 0m 0s

  acl_file = /var/kerberos/krb5kdc/kadm5.acl

  dict_file = /usr/share/dict/words

  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab

  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal

 }

配置/var/kerberos/krb5kdc/kadm5.acl

  */admin@HNA.CN  *

      2 安装客户端：

       yum install -y krb5-workstation  krb5-libs

       配置客户端：

        scp /etc/krb5.conf name@host:/etc/krb5.conf

3. Kerberos使用：

   创建数据库：kdb5_util create -rHNA.CN -s

  创建远程管理员：

    kadmin.local

       Addprinc root/admin@HNA.CN

  4.kerberos服务配置：

      chkconfig krb5kdc on

      Chkconfig admin  on

      Service  krb5kdc start

      Service  kadmin  start

 测试：

      kinit root/admin@HNA.CN